I just answered a very similar question earlier today. HKEY_LOCAL_MACHINE is not an actual registry hive, it is the merging of two different keys: HKEY_CURRENT_USER\Software\Classes and HKEY_LOCAL_MACHINE\Software\Classes. The HKEY_CURRENT_USER key takes precedence, so if the value you're looking for exists in both places you get the one from HKEY_CURRENT_USER.
When you are running your VB code through Vulscan, it is most likely running as the SYSTEM account and you are seeing the values from HKEY_LOCAL_MACHINE. When you run the code manually, you are running the code with your user account and it is going to check HKEY_CURRENT_USER first.
When you are creating a vulnerability, you can simply check for the value you are looking for under HKEY_LOCAL_MACHINE\Software\Classes instead of HKEY_CLASSES_ROOT.
See this article on MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724475(v=vs.85).aspx.
Here is a link to the other community discussion where I talked about it: http://community.landesk.com/support/message/98929#98929.
Regards,
Vince